$80M at Risk? Hacker Plants Key-Stealing Malware in XRPL Code

On April 21, 2025, a hacker, using the alias "mukulljangid," injected a backdoor into XRP Ledger’s JavaScript library, risking private key theft across apps with $80 million in deposits, per Aikido Security.
Voice of Crypto, Crypto Scams, Crypto

Key Insights

  • A hacker reportedly infiltrated the XRP Ledger’s JavaScript library and injected malware designed to steal private keys from unsuspecting developers.

  • This malware had been sitting within the XRPL codebase for hours before being removed and replaced.

  • The XRP Ledger Foundation confirmed that the core XRPL codebase and its GitHub repositories were unaffected by the attack.

  • Applications on the XRPL currently hold around $80 million, and if any private keys were compromised, the hacker would have made off with millions.

The crypto industry, particularly the XRP community, recently experienced a cybersecurity scare.

A hacker reportedly infiltrated the XRP Ledger’s JavaScript library and injected malware designed to steal private keys from unsuspecting developers.

Such a security incident has created a new wave of security concerns across the industry, especially with the infrastructure that powers major DeFi platforms.

A Dangerous Breach in XRP Ledger’s Software

On 22 April, blockchain security firm Aikido revealed that the official XRP Ledger package on npm (the Node package manager) had been compromised.

The malware was first discovered around 8:53 PM UK time on Monday and had been sitting in the published XRPL library for hours before it was removed and replaced.

Per reports from Aikido, this was no ordinary breach.

The infected JavaScript library is used by thousands of websites and applications, making this one of the most serious supply chain attacks of the year.

The mysterious code

Aikido mentioned that the malware was installed by a user operating under the alias mukulljangid.

Mukulljangid reportedly uploaded five new versions of the XRPL node package that included hidden code.

Notably, these new versions had no corresponding releases on the official XRPL GitHub repository, which would have been an immediate red flag for experienced developers.
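The red flag described above, an npm version with no matching GitHub release, is easy to check mechanically. The following is an added example, not code from Aikido, the XRP Ledger Foundation or the xrpl project: it compares a list of published npm versions against a list of repository tags and flags any version that has no tag, then checks whether the version pinned in a package-lock.json is one of the flagged ones. The package name `example-lib`, the version numbers and the lockfile contents are constructed sample data; in real use the version list would come from `npm view <package> versions --json` and the tags from `git ls-remote --tags` or the GitHub API.

```python
"""Flag npm versions that were never tagged in the project's source repository.

Added example with constructed inputs; not the tooling of Aikido or the xrpl project.
"""
import json
import re
from typing import Dict, Iterable, List, Optional

# Accepts "1.2.3", "v1.2.3" and pre-release forms such as "1.2.3-beta.1".
_VERSION_RE = re.compile(r"^v?(\d+\.\d+\.\d+(?:-[0-9A-Za-z.-]+)?)$")


def normalize(version_or_tag: str) -> Optional[str]:
    """Strip a leading 'v' and return the bare semver string, or None if it is not semver-like."""
    match = _VERSION_RE.match(version_or_tag.strip())
    return match.group(1) if match else None


def unreleased_versions(npm_versions: Iterable[str], github_tags: Iterable[str]) -> List[str]:
    """Return npm versions that have no corresponding repository tag.

    Versions that do not even parse as semver are flagged as well, since a
    registry entry that does not match the project's own naming is suspicious.
    """
    tagged = {t for t in (normalize(tag) for tag in github_tags) if t is not None}
    flagged: List[str] = []
    for raw in npm_versions:
        version = normalize(raw)
        if version is None or version not in tagged:
            flagged.append(raw.strip())
    return flagged


def installed_version(lockfile_json: str, package: str) -> Optional[str]:
    """Read the resolved version of `package` from a lockfileVersion 2/3 package-lock.json."""
    lock = json.loads(lockfile_json)
    entry = lock.get("packages", {}).get(f"node_modules/{package}")
    return entry.get("version") if entry else None


def audit(npm_versions: Iterable[str], github_tags: Iterable[str],
          lockfile_json: str, package: str) -> Dict[str, object]:
    """Combine both checks: which versions are untagged, and is the pinned one among them."""
    flagged = unreleased_versions(npm_versions, github_tags)
    pinned = installed_version(lockfile_json, package)
    return {
        "flagged": flagged,
        "installed": pinned,
        "installed_is_flagged": pinned is not None and pinned in flagged,
    }


# --- constructed sample data (hypothetical package "example-lib") ---
SAMPLE_NPM_VERSIONS = ["1.0.0", "1.0.1", "1.1.0", "1.1.1", "1.1.2"]
SAMPLE_GITHUB_TAGS = ["v1.0.0", "v1.0.1", "v1.1.0"]  # no tag for 1.1.1 or 1.1.2
SAMPLE_LOCKFILE = json.dumps({
    "name": "my-app",
    "lockfileVersion": 3,
    "packages": {
        "": {"dependencies": {"example-lib": "^1.1.0"}},
        "node_modules/example-lib": {
            "version": "1.1.2",
            "resolved": "https://registry.example.invalid/example-lib/-/example-lib-1.1.2.tgz",
        },
    },
})

if __name__ == "__main__":
    report = audit(SAMPLE_NPM_VERSIONS, SAMPLE_GITHUB_TAGS, SAMPLE_LOCKFILE, "example-lib")
    print(json.dumps(report, indent=2))
```

Running the script against the sample data reports `1.1.1` and `1.1.2` as untagged and shows that the lockfile pins `1.1.2`, i.e. an untagged version; in a CI pipeline that result would block the build until a maintainer confirms the release. The check is a heuristic, not proof of compromise: projects that tag inconsistently will produce false positives, and an attacker with write access to the repository could tag a release as well, so it belongs alongside lockfile integrity hashes and a registry scanner rather than in place of them.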

Aikido researcher Charlie Eriksen mentioned that the hacker was clearly experimenting with ways to install the code unnoticed.

“The multiple version updates show that the attacker was actively working on the attack,” he explained. “They were trying different ways to insert the backdoor while remaining as hidden as possible.”

Ripple and the Fallout

While XRP is closely associated with Ripple Labs, it is important to note that the parent company doesn’t “own” the XRP Ledger.

The XRP Ledger, being a blockchain network, is decentralized and maintained by thousands of developers and contributors (including Ripple).

The XRP Ledger Foundation, not Ripple, is responsible for the XRP Ledger.

The XRP Ledger Foundation confirmed that the core XRPL codebase and its GitHub repositories were unaffected by the attack.

The Foundation quickly removed the affected versions and released an updated, clean version of the JavaScript library.

While nobody knows how many developers downloaded the infected package, it could have done serious harm had it gone undetected.

Applications on the XRPL (like XRPScan, First Ledger, Gen3 Games and more) currently hold around $80 million in user deposits, and if any private keys were compromised, the hacker would have made off with millions.

Supply Chain Attacks Surge

This incident isn’t an isolated one. Supply-chain attacks have become increasingly common of late, both inside and outside the crypto space.

They are particularly dangerous because they can escape the notice of even experienced developers and cause serious damage.

The backdoor in the XRP Ledger package was flagged by Aikido’s automated threat detection system, which uses LLMs to monitor open-source code for threats like these.

A 2024 report from Chainalysis also revealed that private key theft accounted for 43.8% of all stolen crypto during the year.

This problem is a growing one, and developer security practices are important now more than ever.

This isn’t the first time that XRP has faced a serious security issue.

January 2024 saw Ripple co-founder Chris Larsen lose $112 million worth of XRP tokens to a password management vulnerability.

Since then, the stolen tokens have increased in value and are now worth an estimated $449 million.

Events like these are especially concerning, not just for the security of blockchains, but for the tools that surround them.

Disclaimer: Voice of Crypto aims to deliver accurate and up-to-date information, but it will not be responsible for any missing facts or inaccurate information. Cryptocurrencies are highly volatile financial assets, so research and make your own financial decisions.
